* bump deps / fix permissions

9f3242d8 · Benjamin Ledel · c5e45cc9 · 9f3242d8 · 9f3242d8 · 9f3242d8
Commit 9f3242d8 authored 1 month ago by Benjamin Ledel
--- a/src/backend/role_permission.py
+++ b/src/backend/role_permission.py
@@ -11,14 +11,14 @@ class IsProvider(BasePermission):
    """

    def has_permission(self, request, view):
-        return bool(has_permission(request.user, Roles.CREATE_PROVIDER))
+        return bool(request.user.has_perm(Roles.CREATE_PROVIDER))


 class IsProviderManager(BasePermission):
    def has_permission(self, request, view):
-        return bool(has_permission(request.user, Roles.MANAGE_PROVIDER_KEYS))
+        return bool(request.user.has_perm(Roles.MANAGE_PROVIDER_KEYS))


 class IsAnalyst(BasePermission):
    def has_permission(self, request, view):
-        return bool(has_permission(request.user, Roles.MANAGE_ANALYTICS_TOKENS))
+        return bool(request.user.has_perm( Roles.MANAGE_ANALYTICS_TOKENS))
--- a/src/backend/roles.py
+++ b/src/backend/roles.py
@@ -3,14 +3,14 @@ from strenum import StrEnum


 class Roles(StrEnum):
-    CREATE_USER = 'create_user',
-    EDIT_USER = 'edit_user',
-    CREATE_PROVIDER = 'create_provider',
-    CHANGE_PROVIDER = 'change_provider',
-    MANAGE_PROVIDER_KEYS = 'manage_provider_keys',
-    MANAGE_ANALYTICS_TOKENS = 'manage_analytics_tokens',
-    CREATE_USER_CONSENT = 'create_user_consent',
-    REQUEST_USER_DATA = 'request_user_data',
+    CREATE_USER = 'users.create_user',
+    EDIT_USER = 'users.edit_user',
+    CREATE_PROVIDER = 'users.create_provider',
+    CHANGE_PROVIDER = 'users.change_provider',
+    MANAGE_PROVIDER_KEYS = 'users.manage_provider_keys',
+    MANAGE_ANALYTICS_TOKENS = 'users.manage_analytics_tokens',
+    CREATE_USER_CONSENT = 'users.create_user_consent',
+    REQUEST_USER_DATA = 'users.request_user_data',


 class PolarisAdministrator(AbstractUserRole):

--- a/src/backend/urls.py
+++ b/src/backend/urls.py
@@ -67,11 +67,11 @@ urlpatterns = [
    re_path(r"^saml2/meta(?:data)?/?$", views.MetadataView.as_view(), name="sso-saml2-meta"),
    re_path(r"^sso-dev/?$", views.DevView.as_view(), name="sso-dev"),

-    path("app/de/", render_angular_de),
-    path("app/en/", render_angular_en),
-    re_path(r'^app/de/(?P<path>.*)$', serve,{'document_root': os.path.join(settings.BASE_DIR,  "frontend/dist/frontend/de")}),
-    re_path(r"^$", detect_lang_redirect),
-    re_path(r"^(?:.*)/?$", detect_lang_redirect),
+  #  path("app/de/", render_angular_de),
+  #  path("app/en/", render_angular_en),
+  #  re_path(r'^app/de/(?P<path>.*)$', serve,{'document_root': os.path.join(settings.BASE_DIR,  "frontend/dist/frontend/de")}),
+  #  re_path(r"^$", detect_lang_redirect),
+  #  re_path(r"^(?:.*)/?$", detect_lang_redirect),
 ]

 if settings.DEBUG == "True":

--- a/src/requirements.txt
+++ b/src/requirements.txt
@@ -103,5 +103,5 @@ watchdog==2.2.1
 wcwidth==0.2.5
 whitenoise==6.3.0
 wrapt==1.14.1
-zeep==4.2.1
+zeep==4.3.1
 zipp==1.0.0
--- a/src/users/models.py
+++ b/src/users/models.py
 from datetime import date

 from django.conf import settings
-from django.contrib.auth.models import AbstractUser
+from django.contrib.auth.models import AbstractUser, Permission
 from django.db import models
 from django.utils.translation import gettext_lazy as _

@@ -24,3 +24,25 @@ class CustomUser(AbstractUser):

    def __str__(self):
        return f"Custom user {self.id}: {self.email}"
+
+    def has_perm(self, perm, obj=None):
+        """
+        Custom permission check: 
+        - Includes direct user permissions
+        - Includes group-based permissions
+        """
+        if self.is_superuser:  # Superuser has all permissions
+            return True
+
+        # Check direct user permissions
+        if self.user_permissions.filter(codename=perm.split(".")[-1]).exists():
+            return True
+
+        # Check group-based permissions
+        group_permissions = Permission.objects.filter(group__user=self).values_list(
+            "codename", flat=True
+        )
+        if perm.split(".")[-1] in group_permissions:
+            return True
+
+        return False
\ No newline at end of file
--- a/src/users/views.py
+++ b/src/users/views.py
@@ -30,7 +30,7 @@ class CreateUserView(APIView):
    parser_class = (JsonUploadParser,)

    def put(self, request, format=None):
-        if has_permission(request.user, Roles.CREATE_USER):
+        if request.user.has_perm(Roles.CREATE_USER):
            email = request.data.get("email", None)
            password = request.data.get("password", None)
            assign_provider_role = request.data.get("assign_provider_role", None)
@@ -161,12 +161,14 @@ class UserListView(APIView):
    permission_classes = (IsAuthenticated,)

    def get(self, request):
-        if has_permission(request.user, Roles.EDIT_USER):
+        if request.user.has_perm(Roles.EDIT_USER):
            users = CustomUser.objects.all()
            users = UserSerializer(users, many=True).data
            return JsonResponse(users,
                            safe=False,
                            status=status.HTTP_200_OK)
+        return JsonResponse({"status": "error", "message": 'not permissions'},
+            status=status.HTTP_401_UNAUTHORIZED)


 class GroupListView(APIView):
@@ -199,7 +201,7 @@ class PermissionsUpdateView(APIView):
    permission_classes = (IsAuthenticated,)

    def post(self, request, user_id): 
-        if not has_permission(request.user, Roles.EDIT_USER):
+        if not request.user.has_perm(Roles.EDIT_USER):
            return JsonResponse({"status": "error", "message": 'not permissions'},
                                status=status.HTTP_401_UNAUTHORIZED)
        try: